#15 Buffer overflow patch

Status: closed
Owner: Spacy
Labels: None
Priority: 5
Updated: 2006-08-25
Created: 2005-08-19
Creator: Richard Quirk
Private: No

This is my submission for a fix to the buffer overflow
described in bug #1104539

Changes src/sdl/SDL.cpp. It checks the size of the file
name and aborts if it is 'too large' for the buffer. I
have chosen 1024 as the maximum file name size, and the
buffer remains at 2048 bytes.

Patched against today's CVS. From the top level
VisualBoyAdvance directory apply as follows:

patch < overflow.patch
make

then tested with:

src/sdl/VisualBoyAdvance `perl -e'print "A"x2043'`
and
src/sdl/VisualBoyAdvance `perl -e'print "A"x2043'`.gba

Previously these gave:
Unknown file type AAAA....
Error opening image AAAA....
Segmentation fault

This is a quick fix that seems reasonable. The right
way to do this would be to use a stream instead of
sprintf-ing to a buffer, but the systemMessage function
is used in a lot of places (i.e. lots of changes) and,
more importantly, there isn't any other stream usage in
the code, so I wondered if it was a policy not to use
too many C++ libraries. Any comments?
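
The pattern the submission describes, as an added C example that is not code from VisualBoyAdvance or from the attached patch: an error message formatted with sprintf into a fixed 2048-byte buffer, first without any bound on the file name, then with the 1024-character cap the patch chooses, and finally with an snprintf bound as a C-only alternative to the stream approach mentioned above. The function names, the message prefix and the snprintf variant are assumptions made for this example; the buffer size, the cap and the 2043-byte test input come from the report.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from VisualBoyAdvance or from the patch. It models
 * the pattern the report describes: an error message built with sprintf into
 * a fixed 2048-byte buffer from a command-line file name. The sizes come from
 * the report; the function names and the message prefix are assumptions. */
#define MSG_BUF_SIZE 2048
#define MAX_FILENAME 1024
#define UNKNOWN_FMT  "Unknown file type %s"

/* Pre-patch shape: nothing bounds the copy, so a name longer than the buffer
 * minus the 18-byte prefix and the NUL runs off the end of buf. Kept for
 * comparison only; below it is called with a short constant name. */
static void message_unchecked(char *buf, const char *name)
{
    sprintf(buf, UNKNOWN_FMT, name);
}

/* Bytes (including the NUL) that sprintf writes for a name of n characters:
 * the format minus its "%s", plus the name, plus the terminator. This shows
 * the overflow arithmetic without performing the overflow. */
static size_t bytes_needed_for_length(size_t n)
{
    return (sizeof UNKNOWN_FMT - 1) - 2 + n + 1;
}

/* Patch approach: refuse names longer than MAX_FILENAME before formatting.
 * buf must be MSG_BUF_SIZE bytes; 18 + 1024 + 1 fits with room to spare.
 * Returns 0 on success, -1 if the name was rejected. */
static int message_checked(char *buf, const char *name)
{
    if (strlen(name) > MAX_FILENAME)
        return -1;
    sprintf(buf, UNKNOWN_FMT, name);
    return 0;
}

/* Alternative (this example's suggestion, not the patch's): bound the write
 * itself with snprintf. Never overflows; returns 1 if the message had to be
 * truncated, 0 otherwise. */
static int message_bounded(char *buf, size_t bufsize, const char *name)
{
    int n = snprintf(buf, bufsize, UNKNOWN_FMT, name);
    return (n < 0 || (size_t)n >= bufsize) ? 1 : 0;
}

/* Build a name of n 'A' bytes, like the perl one-liner in the report, and
 * run it through message_checked. Returns -2 if n is too large for the
 * scratch array, otherwise message_checked's result. */
static int try_name_of_length(size_t n)
{
    static char name[4096];
    static char buf[MSG_BUF_SIZE];
    if (n >= sizeof name)
        return -2;
    memset(name, 'A', n);
    name[n] = '\0';
    return message_checked(buf, name);
}

/* Same constructed input through message_bounded; returns its truncation flag. */
static int try_bounded_length(size_t n)
{
    static char name[4096];
    static char buf[MSG_BUF_SIZE];
    if (n >= sizeof name)
        return -2;
    memset(name, 'A', n);
    name[n] = '\0';
    return message_bounded(buf, sizeof buf, name);
}

int main(void)
{
    char buf[MSG_BUF_SIZE];
    message_unchecked(buf, "game.gba");   /* safe only because the name is short */
    printf("%s\n", buf);
    printf("bytes needed for 2043 'A's: %zu (buffer is %d)\n",
           bytes_needed_for_length(2043), MSG_BUF_SIZE);
    printf("checked, 2043 chars: %d\n", try_name_of_length(2043));   /* -1: rejected */
    printf("checked, 1024 chars: %d\n", try_name_of_length(1024));   /*  0: accepted */
    printf("bounded, 2043 chars truncated: %d\n", try_bounded_length(2043));
    return 0;
}
```

The length check matches what the description says the patch does; snprintf is shown only as the C counterpart of the stream idea raised above, since it bounds the write regardless of how many callers systemMessage has.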

Discussion

  • Richard Quirk
    2005-08-19

    Draft buffer overflow fix

    Attachments
  • Spacy
    2006-08-25

    • assigned_to: nobody --> spacy51
    • status: open --> closed